import { clearRefreshTokenCookie, setRefreshTokenCookie } from '~/utils/cookie-utils';
import { generateAccessToken, generateRefreshToken } from '~/utils/jwt-utils';
import { forbiddenResponse } from '~/utils/response';

export default defineEventHandler(async (event) => {
    const { password, username } = await readBody(event);
    if (!password || !username) {
        setResponseStatus(event, 400);
        return useResponseError('BadRequestException', 'Username and password are required');
    }

    const findUser = MOCK_USERS.find((item) => item.username === username && item.password === password);

    if (!findUser) {
        clearRefreshTokenCookie(event);
        return forbiddenResponse(event, 'Username or password is incorrect.');
    }

    const accessToken = generateAccessToken(findUser);
    const refreshToken = generateRefreshToken(findUser);

    setRefreshTokenCookie(event, refreshToken);

    return useResponseSuccess({
        ...findUser,
        accessToken,
    });
});
